CYBERSECURITY – WEEKLY REPORT (September 13, 2017)

A recent spurt in maritime accidents involving naval ships and merchant vessels has raised suspicions that hostile nations are hacking the electronic systems on board. The latest instance, involving China, gives credence to such suspicions. Beijing allegedly hacked the electronics of a yacht owned by a Chinese billionaire dissident in an attempt to intimidate him. The suspected hacking took place on the Hudson River near New York City in July and left the ship temporarily unable to turn and in danger of colliding with a nearby freighter. Guo Wengui, also known as Miles Kwok, who now lives in New York, said he believes Chinese intelligence disrupted the electronics on his high-tech yacht on several occasions during the month, which also coincided with threats in the media.

In one such incident, the vessel’s bow and stern thrusters suddenly shut down. It was discovered that while the thrusters were still functioning, control over them had been disconnected from the bridge. The ship’s controls were apparently hacked by an unknown third party that gained access to the ship’s computer system, possibly via a mobile phone. In another incident, the ship’s Wi-Fi network went offline as Guo boarded the yacht. His mobile phone was apparently hacked, and through it the attackers could disable electronic controls on board. The FBI is investigating the allegations.

The US Navy is separately investigating the possibility of electronic hacking in two collisions between its destroyers and commercial ships that killed 17 American sailors. One of the warships, the USS John S. McCain, had been involved in an operation close to a disputed Chinese island in the South China Sea days before the collision.

If these suspicions are proven, the threat to naval forces and merchant shipping would be enormous, with serious consequences.

***

The debate over possible Russian interference in the German elections is intensifying as polling day draws near. The Washington Post expressed surprise that the much-anticipated Russian cyber onslaught has not yet materialized. It said German politicians have been watching nervously for possible embarrassment and scandal should Russian hackers release the massive amount of data suspected to have been stolen from Parliament’s networks in 2015. The Russia Today network mocked the Post for not considering the possibility that Moscow had no intention of meddling in the elections. Meanwhile, a German research group warned of vulnerabilities in the election software used for recording, counting, displaying and analyzing votes.

In the lead-up to next year’s World Cup, England’s soccer federation has written to FIFA to address cybersecurity issues, as the Russian hacking group Fancy Bears allegedly had access to confidential medical information of scores of athletes and leaked anti-doping correspondence. Meanwhile, the Trump administration instructed government agencies to remove Kaspersky Lab products from their networks over concerns about the Kremlin’s influence on the cybersecurity firm.

***

India and the US were again in the grip of cyber-attacks last week. A new malware, the Xafecopy Trojan, which steals money through victims’ mobile phones, was detected in India; around 40 percent of the malware’s targets were in India. US-based credit reporting agency Equifax Inc was hacked, potentially impacting approximately 143 million American consumers. Hackers gained access to consumer information including names, Social Security numbers, credit card numbers and addresses, exposing regulatory gaps.

http://navalinstitute.com.au/cyber-threats-to-navies-take-many-forms/ Interview with Roger Hilton of the Institute for Security Policy at Kiel University: The cyber capabilities are really integrated at all levels of the naval mission. So, the core capabilities navies seek to provide are the blue-water capabilities of forward presence, deterrence, control, sea control, and power projection, as well as maritime security and humanitarian assistance or disaster response. All of these core capabilities are supported and enhanced by cyber capabilities. Thus, the full spectrum of naval operations and the corresponding naval strategy involve cyber capabilities today.

Germany’s election software is dangerously hackable

https://www.wired.com/story/security-roundup-germany-election-software-is-hackable/ Chaos Computer Club, a German collective of hackers and security researchers, published the results of its unsolicited audit of the country’s voting infrastructure. The group examined a program called PC-Wahl, which is used for recording, counting, displaying, and analyzing votes in German elections from the local level up to the national government. The researchers found they could corrupt the updates from the server controlling that software and re-tabulate votes at will, with potentially disastrous consequences for the country’s October parliamentary election.

As Germans prepare to vote, a mystery grows: Where are the Russians?

https://www.washingtonpost.com/world/as-germans-prepare-to-vote-a-mystery-grows-where-are-the-russians/2017/09/10/07d47f54-9257-11e7-8482-8dc9a7af29f9_story.html?utm_term=.d9e8b4e0888c In 2015, suspected Russian hackers broke into the computer networks of the German Parliament and made off with a mother lode of data — 16 gigabytes, enough to account for a million or more emails. Ever since, German politicians have been watching nervously for the fruits of that hack to be revealed, and for possible embarrassment and scandal to follow. Many warily eyed September 2017 — the date of the next German election — as the likely window for Russian meddling to once again rattle the foundations of a Western democracy. But with the vote only two weeks away, the hacked emails haven’t materialized. Nor have Russian-linked propaganda networks churned into overdrive with disinformation campaigns. The apparent absence of a robust Russian campaign to sabotage the German vote has become a mystery among officials and experts who had warned of a likely onslaught.

‘Where are the Russians?’ WaPo worried it can’t find Kremlin hackers in German election

https://www.rt.com/news/403051-german-election-russian-interference/ With two weeks left till the general election in Germany, the Washington Post is “worried” to see no evidence of a massive Russian meddling campaign. The article does not, however, consider the possibility that Russia had no intention of conducting one in the first place.

https://www.nytimes.com/2017/09/11/sports/soccer/fifa-world-cup-cybersecurity.html?_r=0 England’s soccer federation has written to FIFA to express concerns about the leak of confidential anti-doping correspondence by a hacking group believed to be based in Russia, and to request assurances about the soccer governing body’s cybersecurity preparations ahead of next year’s World Cup there. Since last year, leaks by the hacking group, known as Fancy Bears, have revealed confidential medical information of scores of top athletes, including tennis champions, track stars and an Olympic gymnast, who had received exemptions to take medication usually banned under doping regulations.

Trump administration orders purge of Kaspersky products from U.S. government

https://blogs.wsj.com/cio/2017/09/13/nascent-quantum-computing-poses-threat-to-cybersecurity/ The threat of a cyber attack by hackers or rogue nation states with access to quantum computers is becoming real enough that scientists and public officials are convening in London from Sept 13, in part to urge companies to develop a plan for defense. More than 150 cryptographers, business executives and public officials attended the first day of the three-day Quantum Safe Workshop.

China sets up first ‘commercial’ quantum network for secure communications

http://www.business-standard.com/article/international/cyberattack-may-have-affected-143-million-us-consumers-equifax-117090800252_1.html US-based credit reporting agency Equifax Inc announced on Friday that hackers had gained access to the company’s data, potentially impacting approximately 143 million US consumers. Hackers exploited a vulnerability in the company’s website application from mid-May through July and gained access to consumer information including names, Social Security numbers, birth dates, addresses and in some instances, driver’s license numbers, the agency said in a statement. The breach also included credit card numbers of approximately 209,000 consumers and certain dispute documents with personal identifying information of approximately 182,000 consumers.

https://www.wsj.com/articles/equifax-hack-leaves-consumers-financial-firms-scrambling-1504906993 Consumers, financial firms and regulators attempted to assess the damage from the large hack at Equifax Inc. The hack is under investigation by the Federal Bureau of Investigation. It ranks as one of the three worst data breaches of all time, alongside Yahoo’s loss of more than one billion records, disclosed last year, and Sony Corp.’s 2014 cyberattack, which exposed confidential data and knocked computers and telephones offline.

Apache Foundation refutes involvement in Equifax breach

https://threatpost.com/apache-foundation-refutes-involvement-in-equifax-breach/127910/ A group of developers behind Apache Struts, believed by some to be the culprit behind last week’s Equifax breach, took umbrage at those claims. Rene Gielen, VP of the Apache Struts Project, wrote that even if Struts was targeted, it is unclear which vulnerability, if any, was exploited. The letter was spurred by an internal analyst who suggested that data from Equifax’s servers was breached via an unnamed Apache Struts flaw.

Thousands of ElasticSearch servers hijacked to host PoS Malware

https://threatpost.com/thousands-of-elasticsearch-servers-hijacked-to-host-pos-malware/127965/ Thousands of insecure Elasticsearch servers are hosting point-of-sale malware, according to an analysis by Kromtech Security Centre. In total, researchers found 15,000 insecure Elasticsearch servers, 27 percent of them (about 4,000) hosting the PoS malware strains Alina and JackPoS. The insecure servers have opened the door for attackers to use them for a wide range of illegal activities. Kromtech said 99 percent of the compromised Elasticsearch servers were hosted on Amazon Web Services’ platform.

Son of Russian lawmaker pleads guilty in cyber crime cases

http://in.reuters.com/article/usa-cyber-russia/son-of-russian-lawmaker-pleads-guilty-in-cyber-crime-cases-idINKCN1BJ2Q2 The son of a Russian lawmaker accused of stealing credit card data and other personal information has pleaded guilty in two criminal cases stemming from a probe into a $50 million online identity theft scheme, the U.S. Justice Department said. Roman Seleznev, 33, the son of Russian parliament member Valery Seleznev, was sentenced to 27 years in prison by a federal court in Washington for his role in a cyber assault. He was arrested in the Maldives and brought to the United States to face charges. The Russian government has previously criticized the arrest, calling it an unlawful kidnapping.

https://threatpost.com/popular-d-link-router-riddled-with-vulnerabilities/127907/ A wireless router made by D-Link has nearly a dozen critical vulnerabilities, according to a report released by independent researcher Pierre Kim. The bugs are in D-Link’s DIR-850L wireless AC1200 dual-band gigabit cloud router and could ultimately allow an attacker to hijack the device and take full control of it.

Android users vulnerable to ‘high-severity’ overlay attacks

https://threatpost.com/android-users-vulnerable-to-high-severity-overlay-attacks/127901/ Security researchers warned of a high-severity Android flaw that stems from what they call a “toast attack” overlay vulnerability. Criminals could abuse Android’s toast notification, a feature that provides simple feedback about an operation in a small pop-up, to obtain elevated rights on targeted phones and take complete control of them. All versions of the Android operating system prior to Android 8.0, Oreo, released last month, are affected.

http://cornellsun.com/2017/09/11/prof-shows-how-your-internet-activity-is-being-watched/ Cornell’s Department of Computing and Information Science kicked off the first of a series of talks that aims to discuss the importance of technological advancements and the law in exploring surveillance, privacy and bias. Prof. Arvind Narayanan, computer science, Princeton University, was the first speaker of the series and presented his research with a talk entitled “Uncovering Commercial Surveillance on the Web.” Commercial surveillance involves techniques used by companies to discreetly and legally trace the internet activity of users. Such surveillance is so widespread that it affects anyone who uses the internet, even for basic browsing. Narayanan laid out a technical overview of how third-party companies gain access to users’ personal information using ingenious techniques.

https://www.wsj.com/articles/china-to-shut-bitcoin-exchanges-sources-1505100862 Chinese authorities plan to shut down domestic bitcoin exchanges, delivering a final blow to a once-thriving industry of commercial trading in virtual currencies, which took off inside the mainland four years ago. The country’s central bank has led the drafting of instructions that would ban Chinese platforms from providing virtual currency trading services, according to people familiar with the matter. The move comes after months of scrutiny by Beijing, including last week’s ban in China on initial coin offerings, a kind of fundraising via virtual currencies.